Skip to content

Add PCCS crate#3

Draft
ameba23 wants to merge 7 commits intopeg/add-attestation-cratefrom
peg/add-pccs-2
Draft

Add PCCS crate#3
ameba23 wants to merge 7 commits intopeg/add-attestation-cratefrom
peg/add-pccs-2

Conversation

@ameba23
Copy link
Collaborator

@ameba23 ameba23 commented Mar 9, 2026
edited
Loading

Adds an internal Provisioning Certifcate Cache Service (PCCS) crate which pre-fetches collateral and pre-emptively refreshes it, with the goal of keeping colleteral fetching out of the hot path when verifying attestations.

This copies the functionality from theses PRs to attested-tls-proxy:

API Routes used internally

Here are the routes hit during initial caching - documented in Intel PCCS spec:

  1. GET https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs
    Source: src/lib.rs:268

    • This is used to initially get all available FMSPCS for the cache. For each of these we then call:
      dcap_qvl::collateral::get_collateral_for_fmspc for each, with both 'processor' and 'platform' as the 'ca' arguement.
    • Internally, this function calls these other 3 API routes:

  2. GET https://api.trustedservices.intel.com/sgx/certification/v4/pckcrl?ca={processor|platform}&encoding=der
    Source builder: url_pckcrl():69

    • This gets the PCK certifcate revocation list for 'processor' or 'platform' ca.
    • Note: this is always under /sgx, even for TDX collateral fetches.

  3. GET https://api.trustedservices.intel.com/tdx/certification/v4/tcb?fmspc={FMSPC}
    Source builder: url_tcb():77

    • This gets the TDX collateral for this FMSPC, and will fail if there is none.

  4. GET https://api.trustedservices.intel.com/tdx/certification/v4/qe/identity?update=standard
    Source builder: url_qe_identity():81
    - This gets the identity of the quoting enclave

Example demonstrating pre-warm

Included with the pccs crate is an example which demonstrate the warm-up cache filling using the Intel PCS.

Here is an example output which shows which FMSPCs end up in the cache and which are rejected as being not relevant for TDX quote verification:

$ cargo run --example intel_pcs
Show output revealing which FMSPCs are cached 
   Compiling pccs v0.0.1 (/home/pumkin/src/flashbots/attested-tls/crates/pccs)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.19s
     Running `/home/pumkin/src/flashbots/attested-tls/target/debug/examples/intel_pcs`
2026-03-10T08:27:02.492705Z  INFO Starting PCCS with Intel PCS pcs_url="https://api.trustedservices.intel.com"
2026-03-10T08:27:09.292710Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EA50000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292802Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EA50000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292825Z DEBUG Successfully cached: 00A06D080000 platform
2026-03-10T08:27:09.292841Z DEBUG Successfully cached: 00A06D080000 processor
2026-03-10T08:27:09.292854Z DEBUG Successfully cached: 00A06E050000 processor
2026-03-10T08:27:09.292869Z DEBUG Successfully cached: 00A06E050000 platform
2026-03-10T08:27:09.292883Z DEBUG Successfully cached: 70A06D070000 processor
2026-03-10T08:27:09.292897Z DEBUG Successfully cached: 70A06D070000 platform
2026-03-10T08:27:09.292911Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20606C040000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292933Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20606C040000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292954Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00A067110000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292976Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00606C040000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.292999Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00A067110000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293021Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00606C040000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293043Z DEBUG Successfully cached: 50806F000000 processor
2026-03-10T08:27:09.293056Z DEBUG Successfully cached: 50806F000000 platform
2026-03-10T08:27:09.293071Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706E470000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293090Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706E470000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293110Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806EA60000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293131Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806EA60000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293151Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706A800000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293171Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706A100000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293191Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706A100000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293211Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00706A800000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293243Z DEBUG Successfully cached: 20A06E050000 processor
2026-03-10T08:27:09.293258Z DEBUG Successfully cached: 20A06E050000 platform
2026-03-10T08:27:09.293272Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="F0806F000000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293561Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="F0806F000000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293600Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806EB70000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293623Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EC50000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293645Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EC50000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293667Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806EB70000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293689Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="90806F000000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293710Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="90806F000000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293731Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EC10000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293751Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EC10000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293775Z DEBUG Successfully cached: 10A06F010000 processor
2026-03-10T08:27:09.293790Z DEBUG Successfully cached: 10A06F010000 platform
2026-03-10T08:27:09.293803Z DEBUG Successfully cached: B0C06F000000 processor
2026-03-10T08:27:09.293815Z DEBUG Successfully cached: B0C06F000000 platform
2026-03-10T08:27:09.293829Z DEBUG Successfully cached: 20A06F000000 processor
2026-03-10T08:27:09.293842Z DEBUG Successfully cached: 20A06F000000 platform
2026-03-10T08:27:09.293855Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906ED50000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293876Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906ED50000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293896Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00A065510000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293916Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00A065510000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293938Z DEBUG Successfully cached: 60A06F000000 platform
2026-03-10T08:27:09.293952Z DEBUG Successfully cached: 60A06F000000 processor
2026-03-10T08:27:09.293965Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="30606A000000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.293985Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="30606A000000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294005Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20806EB70000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294026Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20806EB70000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294046Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EA10000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294066Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EA10000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294086Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="30806F040000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294106Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="30806F040000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294124Z DEBUG Successfully cached: C0806F000000 processor
2026-03-10T08:27:09.294135Z DEBUG Successfully cached: C0806F000000 platform
2026-03-10T08:27:09.294144Z DEBUG Successfully cached: 20A06D080000 processor
2026-03-10T08:27:09.294153Z DEBUG Successfully cached: 20A06D080000 platform
2026-03-10T08:27:09.294163Z DEBUG Successfully cached: 10A06D000000 processor
2026-03-10T08:27:09.294171Z DEBUG Successfully cached: 10A06D000000 platform
2026-03-10T08:27:09.294179Z DEBUG Successfully cached: 00806F050000 platform
2026-03-10T08:27:09.294188Z DEBUG Successfully cached: 00806F050000 processor
2026-03-10T08:27:09.294196Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20906EC10000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.294209Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="20906EC10000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.387466Z DEBUG Successfully cached: 90C06F000000 processor
2026-03-10T08:27:09.396577Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806F000000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.435269Z DEBUG Successfully cached: 90C06F000000 platform
2026-03-10T08:27:09.451763Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00806F000000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.493906Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EB10000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.584900Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00906EB10000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:09.778377Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00606A000000" ca="processor" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:10.272766Z DEBUG Startup pre-provision: FMSPC/CA not cached: fmspc="00606A000000" ca="platform" error=DCAP quote verification: Missing TCB-Info-Issuer-Chain
2026-03-10T08:27:10.272844Z  INFO Completed PCCS startup pre-provisioning for TDX collateral discovered_fmspcs=37 attempted=74 successes=28 failures=46

Intel PCS startup prewarm complete
Elapsed seconds: 7.78
Discovered FMSPC entries: 37
Collateral fetch attempts: 74
Collateral fetch successes: 28
Collateral fetch failures: 46

Possible optimisation

It takes quite a while. We could drastically reduce the number of API calls in the warm-up, as many are not FMSPC dependent and are made redundantly. But this would comes at the cost of rolling more of this ourselves and having less code maintained by Phala.

Show breakdown of how many API calls we could save

Assumingg:

  • discovered_fmspcs = 37
  • attempted = 74 because prewarm does 2 CA fetches per FMSPC (processor + platform)

Right now, each of those 74 attempts triggers these PCS calls:

  • 1 x /sgx/certification/v4/pckcrl?...
  • 1 x /tdx/certification/v4/tcb?fmspc=...
  • 1 x /tdx/certification/v4/qe/identity?update=standard

Plus the initial:

  • 1 x /sgx/certification/v4/fmspcs

So current PCS call count is roughly:

  • 74 * 3 + 1 = 223 PCS calls

If you cache the shared routes during prewarm:

  • /qe/identity goes from 74 calls to 1
  • /pckcrl?ca=processor goes from 37 calls to 1
  • /pckcrl?ca=platform goes from 37 calls to 1
  • /tcb?fmspc=... stays at 74
  • /fmspcs stays at 1

That becomes:

  • 1 + 74 + 1 + 2 = 78 PCS calls

So the saving is:

  • 223 - 78 = 145 fewer PCS API calls
  • about 65% fewer PCS calls during prewarm
  • Which would take us down to around 2.7 seconds warmup rather than 7.7 seconds.

@ameba23 ameba23 marked this pull request as draft March 9, 2026 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ameba23